The FIDO (Fast IDentity Online) Alliance is an industry consortium launched in July 2012 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Nok Nok Labs, PayPal and Lenovo were among the founders.
The FIDO Alliance is developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. These new standards for devices and browser plugins will allow any website or mobile application to leverage a broad variety of existing and future FIDO-enabled devices that the user has for online security.
FIDO is a set of technology-agnostic security specifications for strong authentication. FIDO is developed by the FIDO Alliance, a non-profit organization that seeks to standardize authentication at the client and protocol layers.
FIDO specifications provide two categories of user experiences. Which one the user experiences depends on whether the user interacts with the Universal 2nd Factor (U2F) protocol or the Universal Authentication Framework (UAF) protocol. Both FIDO standards define a common interface at the client for the local authentication method that the user exercises. The client can be pre-installed on the operating system or web browser.
The FIDO protocols support multi-factor authentication (MFA) and public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button.
The FIDO protocols are designed from the ground up to protect user privacy. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device.
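The registration, local unlock and challenge-signing steps described above, and the per-service key separation behind the privacy property, modelled in Go as an added example (not FIDO Alliance code and not the UAF or U2F wire format). Ed25519, the `Authenticator`, `Register`, `Sign` and `Login` names, the `Unlocked` flag and the `shop.example` service name are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator is the user's device: one private key per service, gated by a local unlock.
type Authenticator struct {
	Unlocked bool // set by the local gesture (PIN, fingerprint, button press)
	keys     map[string]ed25519.PrivateKey
}

// NewAuthenticator returns a locked device with an empty key store.
func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]ed25519.PrivateKey{}} }

// Register creates a fresh key pair for one service; only the public key leaves the device.
func (a *Authenticator) Register(service string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err == nil {
		a.keys[service] = priv
	}
	return pub, err
}

// Sign proves possession of the service's private key by signing its challenge.
func (a *Authenticator) Sign(service string, challenge []byte) ([]byte, error) {
	if priv, ok := a.keys[service]; ok && a.Unlocked {
		return ed25519.Sign(priv, challenge), nil
	}
	return nil, fmt.Errorf("authenticator locked or %q not registered", service)
}

// Login is the service side: fresh random challenge, verified with the registered public key.
func Login(dev *Authenticator, service string, pub ed25519.PublicKey) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	sig, err := dev.Sign(service, challenge)
	return err == nil && ed25519.Verify(pub, challenge, sig)
}

func main() {
	dev := NewAuthenticator()
	dev.Unlocked = true // constructed stand-in for the user's PIN or fingerprint
	pub, _ := dev.Register("shop.example")
	fmt.Println("login accepted:", Login(dev, "shop.example", pub))
}
```

Because each registration yields an unrelated public key, two services that compare what they hold for the same user find no common identifier.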
About the Alliance
The FIDO (Fast IDentity Online) Alliance is a 501(c)6 non-profit organization nominally formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plugins allows any website or cloud application to interface with a broad variety of existing and future FIDO Certified devices that users can leverage for enhanced online security.